IETF Logo Mail Archive

Re: [radext] Alissa Cooper's Discuss on draft-ietf-radext-ip-port-radius-ext-11: (with DISCUSS and COMMENT)

kathleen.moriarty.ietf@gmail.com Tue, 16 August 2016 21:16 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 930F012B024; Tue, 16 Aug 2016 14:16:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uHUz4w26lPkT; Tue, 16 Aug 2016 14:15:58 -0700 (PDT)
Received: from mail-qk0-x231.google.com (mail-qk0-x231.google.com [IPv6:2607:f8b0:400d:c09::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 677B112D181; Tue, 16 Aug 2016 14:15:54 -0700 (PDT)
Received: by mail-qk0-x231.google.com with SMTP id t7so2375846qkh.1; Tue, 16 Aug 2016 14:15:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=b+TS86sjwyF/yYb4HdIPD9KSCKV+jPr9Ftv8RiGvrZg=; b=SX01ptNvqOtCOI7ThupQ19/jTfJiZ2672lmRRSPcddza3uT7wHQ4epUISKsldi8uPU SioQZgRaYzZdwYrJlJ4UVHMEjOatieHH5RclLkYCV4muDZmsBIZG5h6/PtP4EvRcs4YV dOmLHF89Ikf4YwVN7zlH96iQgpljGs38UIc0NncwUm44Ww9iOvUvmoCRI6OUdIFB9a1J IV7cwp4IMcEZmDvSP0sCEjWh4ra0kGmlbOBSpz9mrm6vj7lsyAmI8VCVx/bw6bTH+6rS bYdZnW2lA1G1MDsG+xYFEm1UUHCAum2jziiIUKebeINxwpQ8gCskcmm0D1via7bDTyYv GT+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=b+TS86sjwyF/yYb4HdIPD9KSCKV+jPr9Ftv8RiGvrZg=; b=TPNgLvabHbotJSdfm0dPh2ie3q0PGjpPjvChFoqxCBS6XpWstSL6Q84sD4FTXIvjfG NQ+O81jKjwd5lkqDobn7JJxMy3SCnQRndFKMCan9og5J0XvpCFdMJXtVK5n3+euZBBQG bhpwE+faf361F1JyMKms3zueQ+10v7n7Sd5k/40TXwcdf5lx1NgnX4fTADFT/OtlzPxh 1CI/KjYUo5+VG4D+uFaa7fWqTKHVtmH9LC/J7JU4VhBu/0YQOICBUFdMF7ZaQv2OVaKW rL0KNWnvb/vrD9lzDjaGgRYIcvJvNrObUREWwHmH3zsMxODHPdBqBbkcw0/Zuim/kNkg pxAQ==
X-Gm-Message-State: AEkoousR5ZwD/H2kqiYUsDd/uWQ7IuRybsYwK+KQcxaXNV+JkA7vW0+meVQa7BEFdM7BCg==
X-Received: by 10.233.232.195 with SMTP id a186mr39443594qkg.18.1471382153456; Tue, 16 Aug 2016 14:15:53 -0700 (PDT)
Received: from [192.168.1.6] (209-6-124-204.c3-0.arl-ubr1.sbo-arl.ma.cable.rcn.com. [209.6.124.204]) by smtp.gmail.com with ESMTPSA id d133sm14837791qke.40.2016.08.16.14.15.52 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 16 Aug 2016 14:15:53 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: kathleen.moriarty.ietf@gmail.com
X-Mailer: iPhone Mail (13F69)
In-Reply-To: <D0152C61-D391-482B-BF1E-45180F89DA41@cooperw.in>
Date: Tue, 16 Aug 2016 17:15:52 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <EACFFDF5-3974-4778-8EDD-A68410BAD972@gmail.com>
References: <147137412687.22998.17081075232946825763.idtracker@ietfa.amsl.com> <CAHbuEH7+Gw=zDiN66Aydmie2M4dXcVqjLKWHixR7Qe6ECfN9Hg@mail.gmail.com> <D0152C61-D391-482B-BF1E-45180F89DA41@cooperw.in>
To: Alissa Cooper <alissa@cooperw.in>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/ca7QgR5g_SAZN9_VPN7ak4BIXZ4>
Cc: radext-chairs@ietf.org, draft-ietf-radext-ip-port-radius-ext@ietf.org, "radext@ietf.org" <radext@ietf.org>, IESG <iesg@ietf.org>, "<lionel.morand@orange.com>" <lionel.morand@orange.com>
Subject: Re: [radext] Alissa Cooper's Discuss on draft-ietf-radext-ip-port-radius-ext-11: (with DISCUSS and COMMENT)
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Aug 2016 21:16:00 -0000


Sent from my iPhone

> On Aug 16, 2016, at 4:54 PM, Alissa Cooper <alissa@cooperw.in> wrote:
> 
> 
>> On Aug 16, 2016, at 4:41 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
>> 
>> Alissa,
>> 
>> Thanks for your detailed review, this is helpful.  Hopefully we will
>> be able to resolve this with the editors and shepherd before Thursday.
>> I have one question in line that may help with the resolution for at
>> least #1 & #6.
>> 
>>> On Tue, Aug 16, 2016 at 3:02 PM, Alissa Cooper <alissa@cooperw.in> wrote:
>>> Alissa Cooper has entered the following ballot position for
>>> draft-ietf-radext-ip-port-radius-ext-11: Discuss
>>> 
>>> When responding, please keep the subject line intact and reply to all
>>> email addresses included in the To and CC lines. (Feel free to cut this
>>> introductory paragraph, however.)
>>> 
>>> 
>>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>>> for more information about IESG DISCUSS and COMMENT positions.
>>> 
>>> 
>>> The document, along with other ballot positions, can be found here:
>>> https://datatracker.ietf.org/doc/draft-ietf-radext-ip-port-radius-ext/
>>> 
>>> 
>>> 
>>> ----------------------------------------------------------------------
>>> DISCUSS:
>>> ----------------------------------------------------------------------
>>> 
>>> (1) I find the absence of any definition of error handling behavior in
>>> this document to be a problem. I realize that the attributes specified in
>>> this document are meant to be transmitted between components that are all
>>> operated by the same administrative entity, but implementors can still
>>> make mistakes, and for those cases it seems like error handling should be
>>> defined. For example:
>>> 
>>> - What happens if the AAA server sends an IP-Port-Limit-Info attribute
>>> with a larger limit than the CGN is able to allocate to that particular
>>> user? What is the CGN supposed to do and how is that communicated back to
>>> the AAA server?
>>> 
>>> - What happens if the CGN sends an IP-Port-Range attribute that
>>> encompasses a larger range than a previously sent IP-Port-Limit-Info?
>>> What is the AAA server supposed to do?
>>> 
>>> - What happens if the AAA server sends an IP-Port-Forwarding-Map
>>> attribute to map a port that is not within the requesting host's
>>> allocated range? Is the CGN expected to change the mapping and send a CoA
>>> with a different IP-Port-Forwarding-Map, or communicate some sort of
>>> error, or something else?
>>> 
>>> There are surely other error cases. I think it's worth going through the
>>> uses of each attribute and specifying all the error handling behavior.
>>> This seems especially important since part of the motivation for these
>>> attributes is for identification and the consequences of erroneous
>>> identification could be severe for the user. Discussion of those
>>> consequences is also missing from Section 6.
>> 
>> As an alternative, I usually approach this type of problem as defining
>> what is acceptable and making everything else less acceptable.  White
>> lists are much easier to maintain and eliminate the possibility of
>> missing something.  If you and the WG agree, could we go forward with
>> that approach instead of defining all possible problems, just limiting
>> what is acceptable and making everything else an error?  
> 
> I think it’s fine to say “the only correct behavior is X” but you still need to say what implementations are expected to do when not-X happens. And X will have different values for the different usages of each of these attributes.
> 
Agreed, thanks.

Kathleen 
> Alissa
> 
>> This approach
>> applies to a few of your other discuss points as well, namely #2, #5,
>> and to some degree #3.
>> 
>>> 
>>> (2) Section 3.1.2 says:
>>> 
>>> "For port allocation, both IP-Port-Range-Start TLV and IP-
>>>  Port-Range-End TLV must be included; for port deallocation, the
>>>  inclusion of these two TLVs is optional and if not included, it
>>>  implies that all ports that are previously allocated are now
>>>  deallocated."
>>> 
>>> How does an AAA server distinguish between port allocation and
>>> deallocation requests if a deallocation request includes a range start
>>> and range end? Is the server supposed to assume that whatever range is
>>> specified by the most recently received IP-Port-Range attribute
>>> represents the only range of allocated ports for the host? What is the
>>> meaning of sending an IP-Port-Range request with only a start value or an
>>> end value but not both (as seems to be allowable by the above)?
>>> 
>>> (3) The specification of IP-Port-Local-Id seems to allow for unnecessary
>>> exposure of potentially sensitive information. There is no explanation
>>> given for why the combination of the other identifiers included in
>>> IP-Port-Range and IP-Port-Forwarding attributes is insufficient to
>>> identify the host in DS-Extra-Lite and Lightweight 4over6 cases. As
>>> defined, it sounds like implementations could put basically any user,
>>> device, or interface identifier in there. If this TLV is actually
>>> necessary to communicate what these attributes are trying to accomplish,
>>> the justification for it should be provided and the limitations on when
>>> this field may be used and what kind of identifiers can appear here
>>> should be stated.
>>> 
>>> (4) The shepherd write-up discusses two different approaches to defining
>>> the sub-TLV types and then says: "Both approaches were considered as
>>> valid and the WG has decided to let IANA decide what the approach is
>>> preferred when allocating the TLV-Type for the sub-TLVs defined in this
>>> document." This is not appropriate. The document needs to explicitly
>>> define how the types should be allocated and should not leave the
>>> decision to IANA. I see that IANA has already noted that Section 7.3 is
>>> ambiguous about this; the WG needs to make a choice.
>> 
>> Thank you, and yes, the WG needs to make a decision.
>> 
>> Kathleen
>> 
>>> 
>>> (5) Section 6 seems to be missing a discussion of the consequences of
>>> communicating erroneous port range and port mapping information. Since
>>> part of the motivation for these attributes is identification of the
>>> host, this needs to be discussed.
>>> 
>>> 
>>> ----------------------------------------------------------------------
>>> COMMENT:
>>> ----------------------------------------------------------------------
>>> 
>>> (1) What does it mean for an IP-Port-Range attribute to have IP-Port-Type
>>> 1 or 2? Can numbers in the whole range be used for any of the port or
>>> identifier types? Or is the range expected to be split up somehow among
>>> the multiple types? I think this needs to be explained.
>>> 
>>> (2) In 4.1.4, how does the ISP know that Joe is traveling?
>> 
>> 
>> 
>> -- 
>> 
>> Best regards,
>> Kathleen
>

v2.23.0 | Report a Bug | By Email